Re: More modutils: It's probably worse.

From: Petr Vandrovec (VANDROVE@vc.cvut.cz)
Date: Tue Nov 14 2000 - 06:49:23 EST


On 14 Nov 00 at 2:04, David Schleef wrote:
> On Tue, Nov 14, 2000 at 09:59:22AM +0100, Olaf Kirch wrote:
> > On Tue, Nov 14, 2000 at 12:06:32AM +0100, Michal Zalewski wrote:
> > > Maybe I am missing something, but at least for me, modprobe
> > > vulnerabilities are exploitable via privileged networking services,
> > > nothing more.
> >
> > Maybe not. ncpfs for instance has an ioctl that seems to allow
> > unprivileged users to specify a character set (codepage in m$speak)
> > that's requested via load_nls(), which in turn does a

> Then it looks like the driver is broken, not modutils.

Well, you can use this ioctl only before ncp filesystem gets to life,
but yes, as this call is always done by mount process, I'll add

if (!capable(CAP_SYS_ADMIN))
  return -EPERM;

here. But I still do not see any problem, as ncpfs limits charset/codepage
length to 20 chars (+ NUL terminator), and nobody told me that it is
not possible to use " or - in codepage name ;-)
                                                    Best regards,
                                                        Petr Vandrovec
                                                        vandrove@vc.cvut.cz
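
Added example, not part of the original message and not ncpfs or modutils code: a userspace C sketch of validating a caller-supplied codepage name before it is turned into a module name, the check that would complement the capable() test above. The helper names, the character allowlist and the leading-character rule are assumptions; the 20-character limit is the one quoted in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NLS_NAME_MAX 20  /* limit quoted in the message: 20 chars + NUL */

/* Hypothetical helper: buf is a fixed-size field of buflen bytes copied from
 * an untrusted caller. Returns 1 only if it holds a NUL-terminated name made
 * of allowlisted characters, 0 otherwise. */
int nls_name_is_safe(const char *buf, size_t buflen)
{
    size_t len = 0, i;

    while (len < buflen && buf[len] != '\0')
        len++;
    if (len == buflen)                   /* no terminator inside the field */
        return 0;
    if (len == 0 || len > NLS_NAME_MAX)
        return 0;
    if (buf[0] == '-' || buf[0] == '.')  /* must not look like an option or path */
        return 0;
    for (i = 0; i < len; i++) {
        char c = buf[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.'))
            return 0;                    /* quotes, spaces, slashes: rejected */
    }
    return 1;
}

/* Hypothetical helper: writes "nls_<name>" (the naming used by NLS modules
 * such as nls_cp437) to out. Returns 0 on success, -1 if the name is rejected
 * or does not fit. */
int nls_module_name(const char *buf, size_t buflen, char *out, size_t outlen)
{
    int n;

    if (!nls_name_is_safe(buf, buflen))
        return -1;
    n = snprintf(out, outlen, "nls_%s", buf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, each in a 21-byte field like the one described. */
    const char samples[][21] = { "cp437", "iso8859-2", "-x", "a\"b", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s %s\n", samples[i],
               nls_name_is_safe(samples[i], sizeof(samples[i])) ? "accept" : "reject");
    return 0;
}
```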



This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:25 EST